Merge pull request #180 from actions/enterprise-docs
Adding instructions for installing in GHES
This commit is contained in:
@@ -9,6 +9,8 @@ The action is available for all public repositories, as well as private reposito
|
||||
|
||||
## Installation
|
||||
|
||||
**Please keep in mind that you need a [GitHub Advanced Security](https://docs.github.com/en/enterprise-cloud@latest/get-started/learning-about-github/about-github-advanced-security) license if you're running this action on private repositories.**
|
||||
|
||||
1. Add a new YAML workflow to your `.github/workflows` folder:
|
||||
|
||||
```yaml
|
||||
@@ -28,7 +30,32 @@ jobs:
|
||||
uses: actions/dependency-review-action@v2
|
||||
```
|
||||
|
||||
Please keep in mind that you need a GitHub Advanced Security license if you're running this action on private repos.
|
||||
### GitHub Enterprise Server
|
||||
|
||||
This action is available in GHES starting with version 3.6. Make sure
|
||||
[GitHub Advanced
|
||||
Security](https://docs.github.com/en/enterprise-server@3.6/admin/code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise)
|
||||
and [GitHub
|
||||
Connect](https://docs.github.com/en/enterprise-server@3.6/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect)
|
||||
are enabled.
|
||||
|
||||
You can use the same workflow as above, replacing the `runs-on` value
|
||||
with the label of any of your runners (the default label
|
||||
is `self-hosted`):
|
||||
|
||||
```yaml
|
||||
|
||||
# ...
|
||||
|
||||
jobs:
|
||||
dependency-review:
|
||||
runs-on: self-hosted
|
||||
steps:
|
||||
- name: 'Checkout Repository'
|
||||
uses: actions/checkout@v3
|
||||
- name: 'Dependency Review'
|
||||
uses: actions/dependency-review-action@v2
|
||||
```
|
||||
|
||||
## Configuration
|
||||
You can pass additional options to the Dependency Review
|
||||
@@ -52,7 +79,7 @@ jobs:
|
||||
# Possible values: "critical", "high", "moderate", "low"
|
||||
# fail-on-severity: critical
|
||||
#
|
||||
# You can only include one of these two options: `allow-licenses` and `deny-licenses`
|
||||
# You can only include one of these two options: `allow-licenses` and `deny-licenses`. These options are not supported on GHES.
|
||||
#
|
||||
# Possible values: Any `spdx_id` value(s) from https://docs.github.com/en/rest/licenses
|
||||
# allow-licenses: GPL-3.0, BSD-3-Clause, MIT
|
||||
@@ -82,7 +109,7 @@ This example will only fail on pull requests with `critical` and `high` vulnerab
|
||||
You can set the action to fail on pull requests based on the licenses of the dependencies
|
||||
they introduce. With `allow-licenses` you can define the list of licenses
|
||||
your repository will accept. Alternatively, you can use `deny-licenses` to only
|
||||
forbid a subset of licenses.
|
||||
forbid a subset of licenses. These options are not supported on GHES.
|
||||
|
||||
You can use the [Licenses
|
||||
API](https://docs.github.com/en/rest/licenses) to see the full list of
|
||||
@@ -107,6 +134,7 @@ to filter. A couple of examples:
|
||||
|
||||
**Important**
|
||||
|
||||
* Checking for licenses is not supported on GHES.
|
||||
* The action will only accept one of the two parameters; an error will
|
||||
be raised if you provide both.
|
||||
* By default both parameters are empty (no license checking is
|
||||
|
||||
Reference in New Issue
Block a user